diff --git a/ceph/utils.py b/ceph/utils.py
index 9d6cd3c..0fa89c7 100644
--- a/ceph/utils.py
+++ b/ceph/utils.py
@@ -1311,7 +1311,8 @@ def bootstrap_monitor_cluster(secret):
         # Ceph >= 0.61.3 needs this for ceph-mon fs creation
         mkdir('/var/run/ceph', owner=ceph_user(),
               group=ceph_user(), perms=0o755)
-        mkdir(path, owner=ceph_user(), group=ceph_user())
+        mkdir(path, owner=ceph_user(), group=ceph_user(),
+              perms=0o755)
         # end changes for Ceph >= 0.61.3
         try:
             add_keyring_to_ceph(keyring,
@@ -1705,17 +1706,24 @@ def upgrade_monitor(new_version):
             service_stop('ceph-mon-all')
         apt_install(packages=determine_packages(), fatal=True)
 
+        owner = ceph_user()
+
         # Ensure the files and directories under /var/lib/ceph is chowned
         # properly as part of the move to the Jewel release, which moved the
         # ceph daemons to running as ceph:ceph instead of root:root.
         if new_version == 'jewel':
             # Ensure the ownership of Ceph's directories is correct
-            owner = ceph_user()
             chownr(path=os.path.join(os.sep, "var", "lib", "ceph"),
                    owner=owner,
                    group=owner,
                    follow_links=True)
 
+        # Ensure that mon directory is user writable
+        hostname = socket.gethostname()
+        path = '/var/lib/ceph/mon/ceph-{}'.format(hostname)
+        mkdir(path, owner=ceph_user(), group=ceph_user(),
+              perms=0o755)
+
         if systemd():
             for mon_id in get_local_mon_ids():
                 service_start('ceph-mon@{}'.format(mon_id))
diff --git a/unit_tests/test_mon_upgrade_roll.py b/unit_tests/test_mon_upgrade_roll.py
index bf5e01d..99b104e 100644
--- a/unit_tests/test_mon_upgrade_roll.py
+++ b/unit_tests/test_mon_upgrade_roll.py
@@ -73,6 +73,9 @@ class UpgradeRollingTestCase(unittest.TestCase):
                      'mon_ip-192-168-1-2_hammer_done 1473279502.69'),
             ])
 
+    @patch.object(ceph.utils, 'ceph_user')
+    @patch.object(ceph.utils, 'socket')
+    @patch.object(ceph.utils, 'mkdir')
     @patch.object(ceph.utils, 'apt_install')
     @patch.object(ceph.utils, 'chownr')
     @patch.object(ceph.utils, 'service_stop')
@@ -89,10 +92,13 @@ class UpgradeRollingTestCase(unittest.TestCase):
                                     systemd, local_mons, add_source,
                                     apt_update, status_set, log,
                                     service_start, service_stop, chownr,
-                                    apt_install):
+                                    apt_install, mkdir, socket,
+                                    ceph_user):
         get_version.side_effect = [0.80, 0.94]
         config.side_effect = config_side_effect
         systemd.return_value = False
+        socket.gethostname.return_value = 'testmon'
+        ceph_user.return_value = 'root'
         local_mons.return_value = ['a']
 
         ceph.utils.upgrade_monitor('hammer')
@@ -110,7 +116,14 @@ class UpgradeRollingTestCase(unittest.TestCase):
             call('maintenance', 'Upgrading monitor'),
         ])
         assert not chownr.called
+        mkdir.assert_called_with('/var/lib/ceph/mon/ceph-testmon',
+                                 owner='root',
+                                 group='root',
+                                 perms=0o755)
 
+    @patch.object(ceph.utils, 'ceph_user')
+    @patch.object(ceph.utils, 'socket')
+    @patch.object(ceph.utils, 'mkdir')
     @patch.object(ceph.utils, 'apt_install')
     @patch.object(ceph.utils, 'chownr')
     @patch.object(ceph.utils, 'service_stop')
@@ -127,10 +140,13 @@ class UpgradeRollingTestCase(unittest.TestCase):
                                    systemd, local_mons, add_source,
                                    apt_update, status_set, log,
                                    service_start, service_stop, chownr,
-                                   apt_install):
+                                   apt_install, mkdir, socket,
+                                   ceph_user):
         get_version.side_effect = [0.94, 10.1]
         config.side_effect = config_side_effect
         systemd.return_value = False
+        socket.gethostname.return_value = 'testmon'
+        ceph_user.return_value = 'ceph'
         local_mons.return_value = ['a']
 
         ceph.utils.upgrade_monitor('jewel')
@@ -153,6 +169,10 @@ class UpgradeRollingTestCase(unittest.TestCase):
                      follow_links=True)
             ]
         )
+        mkdir.assert_called_with('/var/lib/ceph/mon/ceph-testmon',
+                                 owner='ceph',
+                                 group='ceph',
+                                 perms=0o755)
 
     @patch.object(ceph.utils, 'get_version')
     @patch.object(ceph.utils, 'status_set')
diff --git a/unit_tests/test_utils.py b/unit_tests/test_utils.py
index 1bea1d4..8955c81 100644
--- a/unit_tests/test_utils.py
+++ b/unit_tests/test_utils.py
@@ -423,7 +423,8 @@ class CephTestCase(unittest.TestCase):
         mock_mkdir.assert_has_calls([
             call('/var/run/ceph', owner='ceph',
                  group='ceph', perms=0o755),
-            call(test_path, owner='ceph', group='ceph'),
+            call(test_path, owner='ceph', group='ceph',
+                 perms=0o755),
         ])
         fake_open.assert_has_calls([call(test_done, 'w'),
                                     call(test_init_marker, 'w')],